a survey of FreeBSD ZFS snapshot automation tools

Why automatically snapshot filesystems? Because snapshots let you magically fall back to older versions of files and even the operating system. Taking a manual snapshot before a system upgrade is laudable, but you need to easily recover files when everything goes bad. So I surveyed my Twitter followers to see what FreeBSD ZFS snapshot automation . . . → Read More: a survey of FreeBSD ZFS snapshot automation tools

Installing and Using Tarsnap for Fun and Profit

Well, “profit” is a strong word. Maybe “not losing money” would be a better description. Perhaps even “not screwing over readers.”

I back up my personal stuff with a combination of snapshots, tarballs, rsync, and sneakernet. This is fine for my email and my personal web site. Chances are, if all four of my backup . . . → Read More: Installing and Using Tarsnap for Fun and Profit

LibreSSL at BSDCan

Thanks to various airline problems, we had an open spot on the BSDCan schedule. Bob Beck filled in at the last moment with a talk on the first thirty days of LibreSSL. Here are some rough notes on Bob’s talk (slides now available).

LibreSSL forked from OpenSSL 1.0.1g.

Why did “we” let OpenSSL happen? Nobody . . . → Read More: LibreSSL at BSDCan

Penguicon 2014 Schedule

“Hey, where is Lucas? Why hasn’t he posted lately?”

I’ve done nothing worth posting about. Most of this month I spent removing a pre-millennial switch from the core of the network, which was painstaking and annoying but not noteworthy. I then spent nine days at a writing workshop, which was fascinating, educational, and utterly exhausting. . . . → Read More: Penguicon 2014 Schedule

Book Review: “Applied Network Security Monitoring”

Chris Sanders kindly sent me a review copy of Applied Network Security Monitoring, written by Sanders along with Jason Smith, David J Bianco, and Liam Randall. It’s a very solid work, with much to recommend it to IT people who either have been told to implement security monitoring or who think that they should.

Some . . . → Read More: Book Review: “Applied Network Security Monitoring”

DNSSEC-verified SSL Certificates, the Standard Way

DANE, or DNS-based Authentication of Named Entities, is a protocol for stuffing public keys and/or public key signatures into DNS. As standard DNS is forged easily, you can’t safely do this without DNSSEC. With DNSSEC, however, you now have an alternative way to verify public keys. Two obvious candidates for DANE data are SSH . . . → Read More: DNSSEC-verified SSL Certificates, the Standard Way

NYCBSDCon 2014 Video, and 2014 appearances

The video of my NYCBSDCon talk is now available on YouTube.

This talk is a little rougher than most I give. I felt worn-out before I even spoke on Saturday night. I woke up Sunday morning with tonsils the size of tennis balls (which made airport security interesting, let me tell you. “No, those . . . → Read More: NYCBSDCon 2014 Video, and 2014 appearances

Running Ancient Rsync

Another “write it down so I don’t forget what I did” post.

Some of the systems I’m responsible for are file storage machines, running rsync 3.0 or 3.1 as a daemon. Every hour, an ancient Solaris machine sends files to it using rsync 2.3.1. The billing team uses these files to create bills.

Thursday, I . . . → Read More: Running Ancient Rsync

ifup-local on bridge members on CentOS

I run a bunch of CentOS 6 physical servers as QEMU virtualization devices. These hosts have two NICs, one for management and one for virtual machine bridges.

When you use Linux for virtualization, it’s important to increase the amount of memory for network transmit and receive buffers. You also need to disable GSO and TSO, . . . → Read More: ifup-local on bridge members on CentOS

Jan 2014 Java update broke me

So I’m trying to upgrade my Ansible server to the newest OpenBSD snapshot, which involves working at the console. I go to my virtual server control panel, click on the link to the Java applet, and get told that Java won’t run this application.

Turns out that Java has trusted self-signed certificates for applications until . . . → Read More: Jan 2014 Java update broke me